Fix heat domain/roles/user handling

2023-09-13 12:12:29 +01:00 · 2023-09-13 12:12:29 +01:00 · dfc62310d6
commit dfc62310d6
parent 6fb9ff2880
3 changed files with 9 additions and 8 deletions
--- a/openstack/00-init.tf
+++ b/openstack/00-init.tf
@ -21,8 +21,3 @@ variable "cloud" {
  type    = string
  default = ""
 }
-
-variable "heat_domain_id" {
-  type    = string
-  default = ""
-}
--- a/openstack/arif-home.tfvars
+++ b/openstack/arif-home.tfvars
@ -1,3 +1,2 @@
 cloud = "arif-home"
 domain_id = "3fd5a53e08e243b49ac3b171d57b4e4a"
-heat_domain_id = "cf34d55eaf294678971be7ad732be0d2"
--- a/openstack/stsstack_init/01-heat-roles.tf
+++ b/openstack/stsstack_init/01-heat-roles.tf
@ -1,12 +1,19 @@
+resource "openstack_identity_project_v3" "heat_domain" {
+    name          = "heat"
+    description   = "(tf managed) Domain for heat"
+    enabled       = true
+    is_domain     = true
+}
+
 resource "openstack_identity_user_v3" "heat_domain_admin" {
-  domain_id = var.heat_domain_id
+  domain_id = openstack_identity_project_v3.heat_domain.id
  name = "heat_domain_admin"

  password = "Ht8NdKTGdpJjRsS4V33tsVW4mSztgZMs" # leader-get heat-domain-admin-passwd
 }

 resource "openstack_identity_role_assignment_v3" "heat_admin_role_assignment" {
-  domain_id  = var.heat_domain_id
+  domain_id  = openstack_identity_project_v3.heat_domain.id
  user_id    = openstack_identity_user_v3.heat_domain_admin.id
  role_id    = data.openstack_identity_role_v3.admin.id
 }